In this tutorial I will show you the tracking TCP Connections With tcptrack on Linux servers.
tcptrack command displays the status of TCP connections that it sees on a given network interface. tcptrack monitors their state and displays information such as state, source/destination addresses and bandwidth usage in a sorted, updated list very much like the top command.
Redhat (RHEL) / Fedora / CentOS user, download tcptract here. For example download RHEL 64 bit version:
# cd /tmp/
# wget http://dag.wieers.com/rpm/packages/tcptrack/tcptrack-1.1.5-1.2.el5.rf.x86_64.rpm
# rpm -ivh tcptrack-1.1.5-1.2.el5.rf.x86_64.rpm
Debian / Ubuntu Linux user use apt-get as follows:
$ sudo apt-get install tcptrack
How do I use tcptract to monitor and track TCP connections ?
tcptrack requires only one parameter to run i.e. the name of an interface such as eth0, eth1 etc. Use the -i flag followed by an interface name that you want tcptrack to monitor.
# tcptrack -i eth0
# tcptrack -i eth1
You can just monitor TCP port 25 (SMTP)
# tcptrack -i eth0 port 25
The next example will only show web traffic monitoring on port 80:
# tcptrack -i eth1 port 80
tcptrack can also take a pcap filter expression as an argument. The format of this filter expression is the same as that of tcpdump and other libpcap-based sniffers. The following example will only show connections from host 18.104.22.168:
# tcptrack -i eth0 src or dst 22.214.171.124
For further option please refer to man page of netstat and tcptrack command.
Was this Tutorial helpful? Help others share on Facebook, Twitter, and Google Plus!